Technology giant Microsoft Corp. disclosed that it fell victim to a cyberattack orchestrated by a Russian-linked hacking group, known as Midnight Blizzard, which gained unauthorized access to a “small number” of email accounts.
The affected accounts included those belonging to senior leadership and employees specializing in cybersecurity and legal matters.
Microsoft is diligently addressing the situation, promptly initiating measures to rectify vulnerabilities in older systems.
However, the company anticipates some disruptions as a consequence of these security enhancements.
The hacking group, Midnight Blizzard, has not breached customer systems or Microsoft servers responsible for outward-facing products, according to a company blog post released on Friday.
Microsoft also clarified that there is no evidence suggesting the group accessed source code or artificial intelligence systems.
Midnight Blizzard, also known as Nobelium, the sophisticated nation-state hacking group responsible for the attack, has previously been linked to Russia and was involved in the SolarWinds breach against a US federal contractor, part of a broader cyber-espionage effort targeting federal agencies.
Microsoft Faces “Password Spray” Cyber Attack
Microsoft revealed that the hackers employed a “password spray” attack starting in November to infiltrate its systems.
This method, akin to a “brute force attack,” involves rapid attempts to use multiple passwords on specific usernames to breach targeted corporate accounts.
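For defenders, the activity described above appears in sign-in logs as a burst of failed logins from one source. The following is an added example, not code from Microsoft or from the original article: a sliding-window detector run over a constructed log. The log format, field order, account names and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): time, source IP, account, result.
SAMPLE_LOG = """\
2024-01-05T09:00:01 203.0.113.7 alice FAIL
2024-01-05T09:00:03 203.0.113.7 bob FAIL
2024-01-05T09:00:05 203.0.113.7 carol FAIL
2024-01-05T09:00:08 203.0.113.7 dave FAIL
2024-01-05T09:00:11 203.0.113.7 erin OK
2024-01-05T09:02:00 198.51.100.4 alice FAIL
2024-01-05T09:02:30 198.51.100.4 alice OK
"""

def parse(log):
    """Yield (time, source, account, succeeded) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=5), min_failures=4, min_accounts=3):
    """Flag sources whose failed sign-ins inside `window` reach both thresholds."""
    recent = defaultdict(deque)  # source -> failed (time, account) still in the window
    alerts = {}
    for ts, src, user, ok in sorted(events):
        q = recent[src]
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if not ok:
            q.append((ts, user))
            accounts = {u for _, u in q}
            if len(q) >= min_failures and len(accounts) >= min_accounts:
                alert = alerts.setdefault(
                    src, {"first_seen": q[0][0], "accounts": set(), "compromised": []})
                alert["accounts"] |= accounts
        elif src in alerts:
            # A success from an already-flagged source is the finding to triage first.
            alerts[src]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for src, alert in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, sorted(alert["accounts"]), "succeeded as:", alert["compromised"])
```

A single failed login followed by a success, as from the second source in the sample, stays below both thresholds and is not flagged.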
Alongside unauthorized access to accounts, the attackers also obtained emails and attached documents. Microsoft detected the breach on January 12 and is actively notifying affected employees.
Eric Goldstein, Executive Assistant Director for Cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that government officials are closely collaborating with Microsoft to gain insights into the incident and assess its impact to protect potential victims.
This incident follows a trend of major hacking campaigns targeting Microsoft technology. The US Cyber Safety Review Board, which reports to the Department of Homeland Security, is currently investigating a 2023 intrusion into Microsoft Exchange Online attributed to China-linked hackers. Concerns about cloud computing security have grown as senior US officials’ email accounts were compromised in that breach.
Reflecting on the recent breach, Microsoft acknowledges the need for accelerated changes, particularly in older systems and products.
The company is committed to reinforcing its security measures and learning from past incidents to ensure a more robust defense against cyber threats.